Re: [Cerowrt-devel] expiring certs kill juniper routers

Development issues regarding the cerowrt test router project
 help / color / mirror / Atom feed

From: Maciej Soltysiak <maciej@soltysiak.com>
To: Dave Taht <dave.taht@gmail.com>
Cc: "cerowrt-devel@lists.bufferbloat.net"
	<cerowrt-devel@lists.bufferbloat.net>
Subject: Re: [Cerowrt-devel] expiring certs kill juniper routers
Date: Tue, 1 Apr 2014 17:42:16 +0200	[thread overview]
Message-ID: <CAMZR1YBNaK7pTnY2JV-emNHUALVGZ3Hdc9PJLX-W06DnA+Gehg@mail.gmail.com> (raw)
In-Reply-To: <CAA93jw4hjiUjB1760i3HcMOwELb5xV1uzPMdFwTceNr8riL-Aw@mail.gmail.com>

> 1 3 2 1 * /etc/make-webcerts.sh # regen the web certs every year feb 1 at 3am
If for some reason I fail to have my router running on that feral day
at 3am, it won't regenerate and we wait a year for the next run.
Maybe it'd be better to have a daily job to check for that in case
someone misses that key moment in a year?

Before I do anything... My copy of make-webcerts.sh has:
days=21900
bits=1024

Perhaps it's better to put less than 60 years in there and up the bits?
3 runs at 4096 took 27, 30 and 42 seconds on my WNDR3800.

That would increase the first boot up after flashing, wouldn't it?

Best regards,
Maciej

     prev parent reply	other threads:[~2014-04-01 15:42 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-03-27 20:04 Dave Taht
2014-04-01 15:42 ` Maciej Soltysiak [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://lists.bufferbloat.net/postorius/lists/cerowrt-devel.lists.bufferbloat.net/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAMZR1YBNaK7pTnY2JV-emNHUALVGZ3Hdc9PJLX-W06DnA+Gehg@mail.gmail.com \
    --to=maciej@soltysiak.com \
    --cc=cerowrt-devel@lists.bufferbloat.net \
    --cc=dave.taht@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox